CMS 函数使用 flag,这些 flag 使用位字段指定,位字段可以包含以下一个或多个值:
| 常量名 | 说明 |
|---|---|
OPENSSL_CMS_TEXT |
将 text/plain 内容类型标头添加到加密/签名消息中。如果解密或验证,将从输出中去除这些标头;如果解密或验证的消息不是 MIME 类型 text/plain,则会发生错误。 |
OPENSSL_CMS_BINARY |
通常,输入消息被转换为有效使用 CR 和 LF 作为行尾的“canonical”格式:按照
CMS 规范的要求。存在此选项时,不会发生翻译。这在处理可能不是 CMS 格式的二进制数据时很有用。
|
OPENSSL_CMS_NOINTERN |
验证消息时,通常会搜索消息中包含的证书(如果有)以查找签名证书。使用此选项仅使用在 openssl_cms_verify()
的 untrusted_certificates_filename 参数中指定的证书。但是,提供的证书仍可用作不受信任的 CA。
|
OPENSSL_CMS_NOVERIFY |
不验证签名消息的签名者证书。 |
OPENSSL_CMS_NOCERTS |
When signing a message the signer's certificate is normally
included - with this option it is excluded. This will reduce the
size of the signed message but the verifier must have a copy of the
signers certificate available locally (passed using the
untrusted_certificates_filename to
openssl_cms_verify() for example).
|
OPENSSL_CMS_NOATTR |
Normally when a message is signed, a set of attributes are included which include the signing time and the supported symmetric algorithms. With this option they are not included. |
OPENSSL_CMS_DETACHED |
When signing a message, use cleartext signing with the MIME
type "multipart/signed". This is the default
if you do not specify any flags to
openssl_cms_sign().
If you turn this option off, the message will be signed using
opaque signing, which is more resistant to translation by mail relays
but cannot be read by mail agents that do not support S/MIME.
|
OPENSSL_CMS_NOSIGS |
Don't try and verify the signatures on a message |